<?php
/* -------------------------------------------------------------------------------------
* 	ID:						$Id: cart_actions.php 250 2013-09-23 07:41:26Z phone.mueller@googlemail.com $
* 	Letzter Stand:			$Revision: 250 $
* 	zuletzt geaendert von:	$Author: siekiera $
* 	Datum:					$Date: 2013-09-23 07:41:26 +0000 (Mon, 23 Sep 2013) $
*
* 	SEO:mercari by Siekiera Media
* 	http://www.seo-mercari.de
*
* 	Copyright (c) since 2011 SEO:mercari
* --------------------------------------------------------------------------------------
* 	based on:
* 	(c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
* 	(c) 2002-2003 osCommerce - www.oscommerce.com
* 	(c) 2003     nextcommerce - www.nextcommerce.org
* 	(c) 2005     xt:Commerce - www.xt-commerce.com
*
* 	Released under the GNU General Public License
* ----------------------------------------------------------------------------------- */

function cleanCartAction($Input) {
	return preg_replace("/[^0-9|\{|\}]/",'',$Input);
}

if(!empty($_GET['del'])) {
	$_GET['del'] = cleanCartAction($_GET['del']);
	$_SESSION['cart']->remove($_GET['del']);
	$RedirectionFlag = true;
	$RedirectionArray[] = 'del';
}

if(!empty($_GET['plus'])) {
	$_GET['plus'] = cleanCartAction($_GET['plus']);

	if($_SESSION['cart']->contents[$_GET['plus']]['qty'] > 0)
		$_SESSION['cart']->contents[$_GET['plus']]['qty']++;
	else {
		preg_match("/([0-9]*)\{([0-9]*)\}([0-9]*)/", $_GET['plus'], $Treffer);
		if(!empty($Treffer[2]) && !empty($Treffer[3]))
			$_SESSION['cart']->add_cart($Treffer[1], 1, array($Treffer[2] => $Treffer[3]));
		else
			$_SESSION['cart']->add_cart($_GET['plus']);
	}
	$RedirectionFlag = true;
	$RedirectionArray[] = 'plus';
}

if(!empty($_GET['minus'])) {
	$_GET['minus'] 	= cleanCartAction($_GET['minus']);
	if($_SESSION['cart']->contents[$_GET['minus']]['qty'] > 1)
		$_SESSION['cart']->contents[$_GET['minus']]['qty']--;
	else
		$_SESSION['cart']->remove($_GET['minus']);
	$RedirectionFlag = true;
	$RedirectionArray[] = 'minus';
}

if($RedirectionFlag)
	redirect(href_link(FILENAME_SHOPPING_CART,get_all_get_params($RedirectionArray)));

if(isset($_GET['action'])) {
	if($session_started == false)
		redirect(href_link(FILENAME_COOKIE_USAGE));

	if (DISPLAY_CART == 'true') {
		$goto = FILENAME_SHOPPING_CART;
		$parameters = array('action', 'cPath', 'products_id', 'pid');

	} else {
		if(basename($PHP_SELF) == FILENAME_SEO_URL)
			$goto = $_REQUEST['linkurl'];
		else
			$goto = basename($PHP_SELF);

		if ($_GET['action'] == 'buy_now')
			$parameters = array ('action', 'pid', 'products_id', 'products_id', 'cat');
		else
			$parameters = array ('action', 'pid', 'products_id', 'info', 'cat');
	}

	switch ($_GET['action']) {
		case 'update_product':
			for ($i = 0, $n = sizeof($_POST['products_id']); $i < $n; $i ++) {
				if($_POST['submit_target'] == 'wish_list') {
					if(in_array($_POST['products_id'][$i], (is_array($_POST['cart_delete']) ? $_POST['cart_delete'] : array())))
						$_SESSION['wish_list']->remove($_POST['products_id'][$i]);
					else {
						if ($_POST['cart_quantity'][$i]>MAX_PRODUCTS_QTY) $_POST['cart_quantity'][$i]=MAX_PRODUCTS_QTY;
						$attributes = ($_POST['id'][$_POST['products_id'][$i]]) ? $_POST['id'][$_POST['products_id'][$i]] : '';
						$_SESSION['wish_list']->add_cart($_POST['products_id'][$i], remove_non_numeric($_POST['cart_quantity'][$i]), $attributes, false);
					}
					$goto = FILENAME_WISH_LIST;

				} else {
					if(in_array($_POST['products_id'][$i], (is_array($_POST['cart_delete']) ? $_POST['cart_delete'] : array())))
						$_SESSION['cart']->remove($_POST['products_id'][$i]);
					else {
						if ($_POST['cart_quantity'][$i]>MAX_PRODUCTS_QTY) $_POST['cart_quantity'][$i]=MAX_PRODUCTS_QTY;
						$attributes = ($_POST['id'][$_POST['products_id'][$i]]) ? $_POST['id'][$_POST['products_id'][$i]] : '';
						$_SESSION['cart']->add_cart($_POST['products_id'][$i], remove_non_numeric($_POST['cart_quantity'][$i]), $attributes, false);
					}
				}
			}
			
			if(isset($_POST['country'])) 
				$_SESSION['country'] = (int)$_POST['country'];
			
			redirect(href_link($goto, get_all_get_params($parameters)));
			break;

		case 'wish_list' :
			$permission = $db->db_query("SELECT group_permission_".$_SESSION['customers_status']['customers_status_id']." AS customer_group, products_fsk18 FROM ".TABLE_PRODUCTS." WHERE products_id = '".(int)$_GET['products_id']."'");

			if($permission->fields['products_fsk18'] == '1' && $_SESSION['customers_status']['customers_fsk18'] == '1')
				redirect(href_link(FILENAME_PRODUCT_INFO, 'products_id='.(int)$_GET['products_id'], 'NONSSL'));

			if($_SESSION['customers_status']['customers_fsk18_display'] == '0' && $permission->fields['products_fsk18'] == '1')
				redirect(href_link(FILENAME_PRODUCT_INFO, 'products_id='.(int)$_GET['products_id'], 'NONSSL'));

			if(GROUP_CHECK == 'true')
				if($permission->fields['customer_group'] != '1')
					redirect(href_link(FILENAME_PRODUCT_INFO, 'products_id='.(int)$_GET['products_id']));

			$_SESSION['wish_list']->add_cart((int)$_GET['products_id'], $_SESSION['wish_list']->get_quantity((int)$_GET['products_id']) + $_POST['products_qty'], $_POST['id']);

			redirect(href_link(FILENAME_WISH_LIST, get_all_get_params(array('action','products_id'))));
			break;

		case 'add_product' :
			if(isset($_POST['products_id']) && is_numeric($_POST['products_id'])) {
				if(!is_numeric($_POST['products_qty']))
					$_POST['products_qty'] = 1;
				
				if ($_POST['products_qty']>MAX_PRODUCTS_QTY)
					$_POST['products_qty'] = MAX_PRODUCTS_QTY;

  				if($_POST['submit_target'] == 'wish_list') {
  					$_SESSION['wish_list']->add_cart((int)$_POST['products_id'], $_SESSION['wish_list']->get_quantity(get_uprid($_POST['products_id'], $_POST['id']))+$_POST['products_qty'], $_POST['id']);
  
  					$goto = FILENAME_WISH_LIST;
  
  				} else {
  					if ($_POST['cart_quantity'] !=''){
  						$_SESSION['cart']->add_cart((int)$_POST['products_id'], $_SESSION['cart']->get_quantity($_POST['products_id']) + $_POST['cart_quantity']);
  						$_SESSION['wish_list']->remove((int)$_POST['products_id']);
  					} else
  						$_SESSION['cart']->add_cart((int)$_POST['products_id'], $_SESSION['cart']->get_quantity(get_uprid($_POST['products_id'], $_POST['id']))+$_POST['products_qty'], $_POST['id']);
  				}
  			}
			redirect(href_link($goto, 'products_id='.(int)$_POST['products_id'].'&'.get_all_get_params($parameters)));
			break;

		case 'check_gift' :
			require_once(DIR_FS_INC.'inc.collect_posts.php');
			collect_posts();
			break;

		case 'add_a_quickie' :
			$quicky = addslashes($_POST['quickie']);
			if (GROUP_CHECK == 'true')
				$group_check = " AND group_permission_".$_SESSION['customers_status']['customers_status_id']." = 1 ";

			$quickie = $db->db_query("	SELECT
											products_fsk18,
											products_id
										FROM
											".TABLE_PRODUCTS."
										WHERE
											products_status = '1'
										AND 
											products_model = '".$quicky."'
										OR 
											products_ean = '".$quicky."'
											 ".$group_check);

			if (!$quickie->_numOfRows) {
				if (GROUP_CHECK == 'true')
					$group_check = " AND group_permission_".$_SESSION['customers_status']['customers_status_id']." = 1 ";
				
				$quickie = $db->db_query("	SELECT
												products_fsk18,
												products_id
											FROM
												".TABLE_PRODUCTS."
											WHERE
												products_status = '1'
											AND
												products_model REGEXP '%".$quicky."%' 
											OR 
												products_ean REGEXP '%".$quicky."%'
												".$group_check);
			}
			if(!$quickie->_numOfRows)
				redirect(href_link(FILENAME_ADVANCED_SEARCH_RESULT, 'keywords='.$quicky, 'NONSSL'));

			if (has_product_attributes($quickie->fields['products_id'])) {
				redirect(href_link(FILENAME_PRODUCT_INFO, 'products_id='.$quickie->fields['products_id'], 'NONSSL'));

			} else {
				if ($quickie->fields['products_fsk18'] == '1' && $_SESSION['customers_status']['customers_fsk18'] == '1')
					redirect(href_link(FILENAME_PRODUCT_INFO, 'products_id='.$quickie->fields['products_id']));
				
				if ($_SESSION['customers_status']['customers_fsk18_display'] == '0' && $quickie->fields['products_fsk18'] == '1')
					redirect(href_link(FILENAME_PRODUCT_INFO, 'products_id='.$quickie->fields['products_id']));
				
				if ($_POST['quickie'] != '') {
					$act_qty = $_SESSION['cart']->get_quantity(get_uprid($quickie->fields['products_id'], 1));
					if ($act_qty > MAX_PRODUCTS_QTY)
						$act_qty = MAX_PRODUCTS_QTY - 1;
					$_SESSION['cart']->add_cart($quickie->fields['products_id'], $act_qty +1, 1);
					redirect(href_link($goto));
				    
				} else
					redirect(href_link(FILENAME_ADVANCED_SEARCH_RESULT, 'keywords='.$quicky, 'NONSSL'));
			}
			break;

		case 'buy_now' :
			if(isset($_GET['products_id'])) {

				$permission = $db->db_query("SELECT
													group_permission_".$_SESSION['customers_status']['customers_status_id']." AS customer_group,
													products_fsk18
												FROM
													".TABLE_PRODUCTS."
												WHERE
													products_id='".(int)$_GET['products_id']."'");

				if($permission->fields['products_fsk18'] == '1' && $_SESSION['customers_status']['customers_fsk18'] == '1')
					redirect(href_link(FILENAME_PRODUCT_INFO, 'products_id='.(int)$_GET['products_id'], 'NONSSL'));

				if($_SESSION['customers_status']['customers_fsk18_display'] == '0' && $permission->fields['products_fsk18'] == '1')
					redirect(href_link(FILENAME_PRODUCT_INFO, 'products_id='.(int)$_GET['products_id'], 'NONSSL'));

				if(GROUP_CHECK == 'true')
					if($permission->fields['customer_group'] != '1')
						redirect(href_link(FILENAME_PRODUCT_INFO, 'products_id='.(int)$_GET['products_id']));

				if(has_product_attributes($_GET['products_id']))
					redirect(href_link(FILENAME_PRODUCT_INFO, 'products_id='.(int)$_GET['products_id']));
					
				else {
					if(isset($_SESSION['cart']))
						$_SESSION['cart']->add_cart((int)$_GET['products_id'], $_SESSION['cart']->get_quantity((int)$_GET['products_id']) + 1);
					else
						redirect(href_link(FILENAME_DEFAULT));
				}
			}
			redirect(href_link($goto, get_all_get_params(array('action','products_id'))));
			break;

		case 'cust_order' :
			if (isset ($_SESSION['customer_id']) && isset ($_GET['pid'])) {
				if (has_product_attributes((int)$_GET['pid']))
					redirect(href_link(FILENAME_PRODUCT_INFO, 'products_id='.(int)$_GET['pid']));
				else
					$_SESSION['cart']->add_cart((int)$_GET['pid'], $_SESSION['cart']->get_quantity((int)$_GET['pid']) + 1);
			}
			redirect(href_link($goto, get_all_get_params($parameters)));
			break;

		case 'paypal_express_checkout' :
			$o_paypal->paypal_express_auth_call();
			redirect($o_paypal->payPalURL);
			break;
	}
}
?>